The emerging use of HTML5 creates opportunities for cybercriminals, says security firm Sophos. The BBC reports:
Traditionally browsers have stored relatively small amounts of “sticky” data, limited mainly to cookies which track the websites that people have visited.
The fact that HTML 5 allows more data to be stored in the browser means firms and cybercriminals could create super-cookies to track people’s web behaviour.
Some malware techniques have faded out of fashion because patches have been found for them. HTML 5 makes some ripe for renewed exploitation, thinks [James] Lyne [director of technology strategy at Sophos]. …
The other major security flaw for HTML 5, identified by Sophos, is the fact that it is built to integrate with mobile features such as GPS. It means that a mobile phone browser will be able to identify a person’s location, as long as it is given permission, straight out of the box.
What do you think? Is HTML5 not ready for primetime? Or are the security flaws described above overstated?
Photo by Tobias Leingruber.